================================================================== BUG: KCSAN: data-race in wb_timer_fn / wbt_inflight_cb write to 0xffff888102860304 of 4 bytes by interrupt on cpu 0: calc_wb_limits block/blk-wbt.c:304 [inline] scale_up block/blk-wbt.c:313 [inline] wb_timer_fn+0x403/0xa00 block/blk-wbt.c:382 blk_stat_timer_fn+0x3f4/0x410 block/blk-stat.c:99 call_timer_fn+0x2e/0x240 kernel/time/timer.c:1410 expire_timers+0x116/0x260 kernel/time/timer.c:1455 __run_timers+0x338/0x3d0 kernel/time/timer.c:1747 run_timer_softirq+0x19/0x30 kernel/time/timer.c:1760 __do_softirq+0x12c/0x2b1 kernel/softirq.c:298 asm_call_irq_on_stack+0xf/0x20 __run_on_irqstack arch/x86/include/asm/irq_stack.h:26 [inline] run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:77 [inline] do_softirq_own_stack+0x32/0x40 arch/x86/kernel/irq_64.c:77 invoke_softirq kernel/softirq.c:393 [inline] __irq_exit_rcu+0xb2/0xc0 kernel/softirq.c:423 sysvec_apic_timer_interrupt+0x74/0x90 arch/x86/kernel/apic/apic.c:1091 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:631 cpumask_any_but+0x47/0x80 lib/cpumask.c:59 flush_tlb_mm_range+0xa2/0xe0 arch/x86/mm/tlb.c:915 flush_tlb_page arch/x86/include/asm/tlbflush.h:235 [inline] ptep_clear_flush+0xb3/0xd0 mm/pgtable-generic.c:97 wp_page_copy+0x77b/0x1490 mm/memory.c:2890 do_wp_page+0x482/0x6c0 arch/x86/include/asm/atomic.h:95 handle_pte_fault mm/memory.c:4392 [inline] __handle_mm_fault mm/memory.c:4509 [inline] handle_mm_fault+0x13d1/0x1770 mm/memory.c:4607 do_user_addr_fault+0x33e/0x730 arch/x86/mm/fault.c:1372 handle_page_fault arch/x86/mm/fault.c:1429 [inline] exc_page_fault+0x91/0x290 arch/x86/mm/fault.c:1485 asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:583 copy_user_enhanced_fast_string+0xe/0x40 arch/x86/lib/copy_user_64.S:205 copy_user_generic arch/x86/include/asm/uaccess_64.h:37 [inline] raw_copy_to_user arch/x86/include/asm/uaccess_64.h:58 [inline] copyout lib/iov_iter.c:148 [inline] _copy_to_iter+0x1db/0xbc0 lib/iov_iter.c:635 copy_to_iter include/linux/uio.h:137 [inline] simple_copy_to_iter+0x4c/0x60 net/core/datagram.c:519 __skb_datagram_iter+0xa5/0x4f0 net/core/datagram.c:425 skb_copy_datagram_iter+0x39/0xf0 net/core/datagram.c:533 skb_copy_datagram_msg include/linux/skbuff.h:3532 [inline] tipc_recvstream+0x313/0x8b0 net/tipc/socket.c:2039 ____sys_recvmsg+0x15d/0x310 include/linux/uio.h:234 ___sys_recvmsg net/socket.c:2618 [inline] __sys_recvmsg+0x1d1/0x3c0 net/socket.c:2654 __do_sys_recvmsg net/socket.c:2664 [inline] __se_sys_recvmsg net/socket.c:2661 [inline] __x64_sys_recvmsg+0x42/0x50 net/socket.c:2661 do_syscall_64+0x39/0x80 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xa9 read to 0xffff888102860304 of 4 bytes by task 9895 on cpu 1: rwb_enabled block/blk-wbt.c:80 [inline] get_limit block/blk-wbt.c:458 [inline] wbt_inflight_cb+0x3f/0x220 block/blk-wbt.c:495 rq_qos_wait+0xac/0x210 block/blk-rq-qos.c:266 __wbt_wait block/blk-wbt.c:518 [inline] wbt_wait+0x1bb/0x2b0 block/blk-wbt.c:583 __rq_qos_throttle+0x39/0x70 block/blk-rq-qos.c:72 rq_qos_throttle block/blk-rq-qos.h:182 [inline] blk_mq_submit_bio+0x233/0x1020 block/blk-mq.c:2174 __submit_bio_noacct_mq block/blk-core.c:1026 [inline] submit_bio_noacct+0x77d/0x930 block/blk-core.c:1059 submit_bio+0x1f3/0x360 block/blk-core.c:1129 ext4_io_submit fs/ext4/page-io.c:382 [inline] io_submit_add_bh fs/ext4/page-io.c:425 [inline] ext4_bio_write_page+0x958/0xda0 fs/ext4/page-io.c:552 mpage_submit_page fs/ext4/inode.c:2092 [inline] mpage_map_and_submit_buffers fs/ext4/inode.c:2340 [inline] mpage_map_and_submit_extent fs/ext4/inode.c:2479 [inline] ext4_writepages+0xe9b/0x1e30 fs/ext4/inode.c:2792 do_writepages+0x7b/0x150 mm/page-writeback.c:2352 __writeback_single_inode+0x84/0x560 fs/fs-writeback.c:1461 writeback_sb_inodes+0x6a0/0x1020 fs/fs-writeback.c:1721 wb_writeback+0x27d/0x660 fs/fs-writeback.c:1894 wb_do_writeback+0x101/0x5d0 fs/fs-writeback.c:2039 wb_workfn+0xb8/0x410 fs/fs-writeback.c:2080 process_one_work+0x3e1/0x950 kernel/workqueue.c:2272 worker_thread+0x635/0xb90 kernel/workqueue.c:2418 kthread+0x1fd/0x220 kernel/kthread.c:292 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 9895 Comm: kworker/u4:5 Not tainted 5.10.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: writeback wb_workfn (flush-8:0) ==================================================================